Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-05-19 | CVE-2018-4939 | Deserialization of Untrusted Data vulnerability in Adobe ColdFusion 11.0/2016 | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. | network | low | adobe | CWE-502 | critical 9.8 |
| 2018-05-15 | CVE-2017-2608 | Deserialization of Untrusted Data vulnerability in Jenkins | Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383). | network | low | jenkins | CWE-502 | 8.8 |
| 2018-05-15 | CVE-2018-1131 | Deserialization of Untrusted Data vulnerability in multiple products | Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. | network | low | infinispan, redhat | CWE-502 | 8.8 |
| 2018-05-09 | CVE-2018-0824 | Deserialization of Untrusted Data vulnerability in Microsoft products | A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | network | low | microsoft | CWE-502 | 8.8 |
| 2018-04-30 | CVE-2018-7891 | Deserialization of Untrusted Data vulnerability in multiple products | The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. | network | high | milestonesys, siemens | CWE-502 | 8.1 |
| 2018-04-19 | CVE-2018-2628 | Deserialization of Untrusted Data vulnerability in Oracle WebLogic Server | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | network | low | oracle | CWE-502 | critical 9.8 |
| 2018-04-18 | CVE-2018-1000167 | Deserialization of Untrusted Data vulnerability in OISF Suricata-Update 1.0.0a1 | OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. | local | low | oisf | CWE-502 | 7.8 |
| 2018-04-13 | CVE-2018-10085 | Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple | CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. | network | low | cmsmadesimple | CWE-502 | critical 9.8 |
| 2018-04-12 | CVE-2018-9843 | Deserialization of Untrusted Data vulnerability in CyberArk Password Vault 10.0 | The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | network | low | cyberark | CWE-502 | critical 9.8 |
| 2018-04-04 | CVE-2017-13286 | Deserialization of Untrusted Data vulnerability in Google Android 8.0/8.1 | In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. | local | low | google | CWE-502 | 7.8 |